How I found a Google Maps API key worth $300


loyalonlytoday

System Weakness

First, you can see the HackerOne reports below:

Now let's see how we can find it.

First, enumerate subdomains using subfinder:

subfinder -d evil.com -all -recursive -o sbfdr_r1.txt

subfinder -dL sbfdr_r1.txt -all -recursive -o sbfder_r2.txt

with assetfinder

assetfinder -subs-only evil.com | tee ast_evil_subs.txt

using bbot

bbot -t evil.com -f subdomain-enum -rf passive -o bbot_evil_subs.txt

using amass

amass enum -d example.com -o evil_subs_normal_scan.txt

amass enum -active -d example.com -o evil_subs_active_scan.txt

amass enum -passive -d example.com -o evil_subs_passive_scan.txt

I used these; you can use more tools like sublist3r, findomain, knockpy, etc.

You can use these techniques to find more subdomains, but in this case these subs were enough to find the Google Maps key.

After that, merge all subdomains into one file using this command:

cat * | sort -u | tee final_evil_subs.txt

Check for live subdomains using httpx:

cat final_evil_subs.txt | httpx -ports 80,443,8009,8080,8081,8090,8180,8443 -sc -cl -title -t 100 -fr -nc | anew evil_alive_subs.txt

Now we gather URLs from the Wayback Machine and by active crawling.

using waybackurls

cat final_evil_subs.txt | waybackurls -no-subs | anew wayback_evil.txt

using gau

cat final_evil_subs.txt | gau --threads 5 --o gau_evil.txt

using katana

cat final_evil_subs.txt | katana -d 5 -jc -c 50 -ct m -o katana_evil_normal.txt

cat final_evil_subs.txt | katana -d 5 -c 50 -jc -ct m -s breadth-first -o katana_evil_breadth_fst.txt

using hakrawler

cat final_evil_subs.txt | hakrawler -d 5 -t 20 | tee hakrawler_evil.txt

Now grep for .js files:

cat * | grep '\.js$' | sort -u | tee evil_js.txt

Let's check those JS files one by one (remember, manual review is the best).

Look for secrets in JS files, not only the Google Maps API key.

Let's see how to find secrets like API keys and access tokens.

cat evil_js.txt | mantra

Finding secrets using the jsecret tool [https://github.com/raoufmaklouf/jsecret]:

cat * | jsecret
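As an added example (not from the original post, and not the code of mantra or jsecret), here is a small Python scanner that applies the Google API key format (the literal prefix AIza followed by 35 characters from [0-9A-Za-z_-]) to JS files you have already downloaded and reports which file each distinct key appeared in. The file names and key strings below are constructed placeholders, not real keys.

```python
import re
from typing import Dict, List

# Google API keys (Maps keys included) are 39 characters: the literal prefix "AIza"
# followed by 35 characters from [0-9A-Za-z_-]. The look-around assertions stop the
# pattern from matching a key-shaped substring buried inside a longer token.
GOOGLE_API_KEY_RE = re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])")


def find_google_api_keys(js_text: str) -> List[str]:
    """Return the distinct Google API keys in one JS document, in order of first appearance."""
    found: List[str] = []
    for match in GOOGLE_API_KEY_RE.finditer(js_text):
        if match.group(0) not in found:
            found.append(match.group(0))
    return found


def scan_js_files(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each discovered key to the list of file names (URLs) it was found in."""
    hits: Dict[str, List[str]] = {}
    for name, text in files.items():
        for key in find_google_api_keys(text):
            hits.setdefault(key, []).append(name)
    return hits


# Constructed sample values: not real keys, only strings with the right shape.
FAKE_KEY_A = "AIzaSy" + "EXAMPLEKEY".ljust(33, "0")   # 39 chars, valid shape
FAKE_KEY_B = "AIzaSy" + "ANOTHERONE".ljust(33, "1")   # 39 chars, valid shape
TOO_SHORT = "AIzaSy" + "SHORT".ljust(15, "2")         # 21 chars, must not match

# Constructed sample "downloaded" JS files, keyed by the URL they came from.
SAMPLE_JS = {
    "https://app.evil.com/static/main.js":
        f'var mapsKey = "{FAKE_KEY_A}";\n'
        f'loadScript("https://maps.googleapis.com/maps/api/js?key={FAKE_KEY_A}");',
    "https://cdn.evil.com/bundle.js":
        f"const cfg = {{ maps: '{FAKE_KEY_B}', legacy: '{FAKE_KEY_A}' }};",
    "https://evil.com/vendor.js":
        f"// nothing usable here: '{TOO_SHORT}' and 'XX{FAKE_KEY_B}YY'",
}

if __name__ == "__main__":
    for key, where in scan_js_files(SAMPLE_JS).items():
        print(key, "->", ", ".join(where))
```

Every hit still needs manual confirmation: a matching string may be a revoked key or a key restricted to the site's own referrers, so the report should show where it was found and what it was allowed to do.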

Let's see how to exploit it.

Using the Google Maps API scanner [https://github.com/ozguralp/gmapsapiscanner]

That's it. Create a report and submit it with a PoC.

Thanks for reading.

Jai shree krishna

jai hind
